1.2. RHSA-2011:0500: Important: kernel-rt security and bug fix update

Prior to this update, the /proc/diskstats file showed erroneous values. This occurred when the kernel merged two I/O operations for adjacent sectors that were located on different disk partitions. Two merge requests were submitted for the adjacent sectors: the first request for the second partition, and the second request for the first partition, which was then merged into the first request. The first submission of the merge request incremented the in_flight value for the second partition. However, at the completion of the merge request, the in_flight value of a different partition (the first one) was decremented. This resulted in the erroneous values displayed in the /proc/diskstats file. With this update, the merging of two I/O operations that are located on different disk partitions has been fixed and works as expected.

On a Mellanox ConnectX (MLX4) adapter, multicast group joins could fail when performed in a specific sequence, and lead to an exhaustion of MCG entries due to a statically defined MLX4 MCG array size. This issue was observed when using IBM WebSphere MQ Low Latency Messaging (WLLM). With this update, the underlying source code has been modified to allow the MLX4 MCG array size to be passed as a module parameter.

When restarting a system that runs the realtime-kernel (kernel-rt), network interfaces running the bnx2 driver did not start up after the restart due to a locking issue (specifically, the lack of PHY locking in the port init functions) in the NIC initialization. This update adds a number of fixes to resolve this issue and bnx2-based NICs now correctly start up after a system restart.

A buffer overflow flaw was found in the Linux kernel's Cluster IP hashmark target implementation. A local, unprivileged user could trigger this flaw and cause a local denial of service by editing files in the /proc/net/ipt_CLUSTERIP/ directory. Note: On Red Hat Enterprise MRG, only root can write to files in the /proc/net/ipt_CLUSTERIP/ directory by default. This update corrects this issue as a preventative measure in case an administrator has changed the permissions on these files. Red Hat would like to thank Vasiliy Kulikov for reporting this issue.

Prior to this update, a collection of world-writable sysfs and procfs files allowed an unprivileged user to change various settings, change device hardware registers, and load certain firmware. With this update, permissions for these files have been changed.
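To check a host for the condition described above, and for changed permissions on the files under /proc/net/ipt_CLUSTERIP/, the following added example (not part of the advisory and not Red Hat code) reports world-writable files under /sys and /proc that are not on a reviewed allowlist. The function names and the allowlist file format are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not Red Hat code). Function names and the allowlist file
# format (one shell glob per line, '#' comments) are assumptions.

# Print every world-writable regular file under the given roots.
# /proc/<pid> subtrees are pruned: they are per-process, not driver settings.
list_world_writable() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -path '/proc/[0-9]*' -prune -o \
            -type f -perm -0002 -print 2>/dev/null || true
    done
}

# Return 0 if path $2 matches any glob pattern listed in allowlist file $1.
is_allowed() {
    [ -r "$1" ] || return 1
    while IFS= read -r pat; do
        case $pat in ''|'#'*) continue ;; esac
        case $2 in $pat) return 0 ;; esac
    done < "$1"
    return 1
}

# Print an `ls -ld` line for each world-writable file not on the allowlist.
# Returns 1 when there is at least one finding, 0 when the tree is clean.
audit_world_writable() {
    allow=$1; shift
    findings=$(list_world_writable "$@" | while IFS= read -r f; do
        is_allowed "$allow" "$f" || ls -ld -- "$f" 2>/dev/null || true
    done)
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Script use: audit.sh ALLOWLIST [ROOT...]   (roots default to /sys and /proc)
if [ "$#" -gt 0 ]; then
    allowfile=$1; shift
    [ "$#" -gt 0 ] || set -- /sys /proc
    audit_world_writable "$allowfile" "$@"
fi
```

A non-zero exit status means at least one world-writable file was found that the allowlist does not cover, which makes the script usable from a scheduled compliance check.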

The iTCO_wdt driver could return confusing warning messages and incorrectly state that a device was not present when, in fact, it was just disabled. With this update, the warning messages have been cleaned up, and a device is no longer marked as not present when it is disabled.